This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization connects and configures individual intrusion detection tools into an information system-wide intrusion detection system.
NIST 800-53 (r4) Supplemental Guidance:
None
NIST 800-53 (r5) Discussion:
Linking individual intrusion detection tools into a system-wide intrusion detection system provides additional coverage and effective detection capabilities. The information contained in one intrusion detection tool can be shared widely across the organization, making the system-wide detection capability more robust and powerful.
38North Guidance:
Meets Minimum Requirement:
Connect and configure individual intrusion detection tools into an information system-wide intrusion detection system (e.g., SIEM).
Best Practice: Tools like Snort, OSSEC, or any other IDS/IPS solution should be configured to provide system-wide capabilities and to send information to a SIEM for correlation purposes.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Configuration settings of the system-wide intrusion detection system, and logging information in the SIEM showing the feeds from individual intrusion detection tools.
CSP Implementation Tips: None
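Added example (not part of the original guidance or of any vendor's tooling): a sketch of the correlation step named under Best Practice and of the per-feed view asked for under Assessment Evidence. It normalizes alerts from a network IDS and a host IDS into one schema, counts events per feed, and flags source addresses reported by both tools. The line layout is modelled on Snort and OSSEC syslog alerts and is an assumption; hosts, addresses and rule IDs are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample feed, modelled on Snort and OSSEC syslog alert lines.
# Hosts, addresses and rule IDs (local-rule ranges) are made up.
SAMPLE_FEED = """\
2024-05-01T10:00:05 ids-net1 snort[911]: [1:1000001:1] LOCAL SSH connection burst [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:40122 -> 10.0.0.5:22
2024-05-01T10:01:10 web01 ossec: Alert Level: 10; Rule: 100001 - Multiple SSH authentication failures.; Location: web01->/var/log/auth.log; srcip: 203.0.113.7; user: root
2024-05-01T10:02:00 ids-net1 snort[911]: [1:1000002:1] LOCAL DNS zone transfer attempt [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.9:53311 -> 10.0.0.8:53
2024-05-01T11:30:00 db01 ossec: Alert Level: 7; Rule: 100002 - Integrity checksum changed.; Location: db01->syscheck
"""

SNORT = re.compile(r"snort\[\d+\]: \[(?P<rule>[\d:]+)\] .*? \[Classification"
                   r".*\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> ")
OSSEC = re.compile(r"ossec: Alert Level: \d+; Rule: (?P<rule>\d+) - .*?; "
                   r"Location: [^;]*(?:; srcip: (?P<src>[\d.]+))?")

def load(text):
    """Normalize every recognized sensor line into one common event schema."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        ts, host, _ = line.split(" ", 2)
        for sensor, pattern in (("snort", SNORT), ("ossec", OSSEC)):
            m = pattern.search(line)
            if m:
                events.append({"time": datetime.fromisoformat(ts), "host": host,
                               "sensor": sensor, "rule": m["rule"], "src": m["src"]})
    return events

def feed_counts(events):
    """Events per (tool, reporting host): shows which individual feeds arrive."""
    return dict(Counter((e["sensor"], e["host"]) for e in events))

def correlate(events, window=timedelta(minutes=5)):
    """Source IPs that two different tools reported within `window` of each other."""
    by_src = defaultdict(list)
    for e in events:
        if e["src"]:  # file-integrity alerts carry no source address
            by_src[e["src"]].append(e)
    hits = {}
    for src, evs in by_src.items():
        for a in evs:
            for b in evs:
                if a["sensor"] != b["sensor"] and abs(a["time"] - b["time"]) <= window:
                    hits[src] = sorted({a["sensor"], b["sensor"]})
    return hits

if __name__ == "__main__":
    events = load(SAMPLE_FEED)
    print(feed_counts(events), correlate(events))
```

A feed missing from the `feed_counts` result is the gap an assessor would look for; the `correlate` result is what neither tool reports when run on its own.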